Organizations must defend against advanced persistent threats

New data security technology is available to organizations in every industry to defend against many of the modern threats that attack networks, but cybercriminals have new technology of their own, and companies that fall behind in the security game risk being bypassed entirely. A new how-to book from ISACA and Ernst & Young spells out how advanced persistent threats have changed the landscape from random hackers to high-tech, targeted attacks that may go undetected for months.

"There are no universal solutions to prevent being infiltrated," said James Holley, leader for Ernst & Young LLP's Information Security Incident Response services and co-author of the book. "If sophisticated and well-funded attackers target a specific environment, they will get in. In this rapidly evolving threat landscape, information security professionals need to adopt the mindset that their network is already compromised or soon will be."

A few things that organizations must know about these APTs include:

• Specific individuals are now heavily targeted, so educating employees can be key to stopping some threats from infiltrating a network
• Cyberattacks are now a business problem rather than simply a technology issue
• Preventive controls such as antivirus and firewalls are no longer enough on their own to stop the more serious threats aimed at a business

Some newer capabilities that can fortify data security efforts include inspecting memory on systems across the network to detect malicious code, sweeping the organization for indicators of compromise, aggregating logs centrally and conducting forensic analysis across the entire company, according to Ernst & Young and ISACA.
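As an added example (not from the ISACA/EY book or from this article), the indicator sweep over centrally aggregated logs that the paragraph mentions, in Python. The host names, log lines and indicator values are constructed for illustration, the "first token is the reporting host" log layout is an assumption, and the indicator values are placeholders rather than real threat intelligence:

```python
"""IOC sweep over aggregated host logs.

Added example, not code from the ISACA/EY book. Assumes logs from many hosts
have already been collected into one stream and that each constructed line
begins with the reporting host name; indicator values are placeholders.
"""
import re
from collections import defaultdict

# Constructed indicators of compromise (hypothetical placeholders, not real IOCs).
IOCS = {
    "ip": {"198.51.100.23", "203.0.113.77"},
    "domain": {"update-cdn.example.net", "mail-relay.example.org"},
    "sha256": {"3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"},
}

# Constructed, aggregated log lines from several hosts (syslog-like, mixed sources).
SAMPLE_LOGS = [
    "ws-017 proxy: user=jdoe dst=update-cdn.example.net:443 action=allow",
    "ws-017 edr: process=svchost.exe sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b",
    "ws-042 proxy: user=asmith dst=www.example.com:443 action=allow",
    "srv-db01 fw: src=10.0.4.12 dst=198.51.100.23 dport=443 action=allow",
    "ws-042 dns: query=mail-relay.example.org type=A",
    "srv-db01 fw: src=10.0.4.12 dst=203.0.113.77 dport=8443 action=deny",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE)


def extract_observables(line):
    """Pull candidate IPs, domains and SHA-256 hashes out of one log line."""
    return {
        "ip": set(IP_RE.findall(line)),
        "domain": {d.lower() for d in DOMAIN_RE.findall(line)},
        "sha256": {h.lower() for h in SHA256_RE.findall(line)},
    }


def host_of(line):
    """Assumed layout: the first whitespace-separated token is the reporting host."""
    return line.split(None, 1)[0]


def sweep(lines, iocs=IOCS):
    """Return {host: {(ioc_type, value), ...}} for every indicator hit in the stream."""
    hits = defaultdict(set)
    for line in lines:
        observables = extract_observables(line)
        for kind, values in observables.items():
            for value in values & iocs[kind]:
                hits[host_of(line)].add((kind, value))
    return dict(hits)


def rank_hosts(hits):
    """Hosts ordered by number of distinct indicators seen, most suspicious first."""
    return sorted(hits, key=lambda h: (-len(hits[h]), h))


if __name__ == "__main__":
    found = sweep(SAMPLE_LOGS)
    for host in rank_hosts(found):
        print(host, sorted(found[host]))
```

Matching on normalised observables rather than raw substrings is what lets one sweep cover proxy, firewall, DNS and EDR records at once; the same approach extends to other indicator types (URLs, mutex names, registry keys) by adding an extractor per type.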

ISACA surveyed more than 1,500 security professionals and found that 94 percent believe APTs are a threat to economic stability as well as national security. Sixty-three percent said it is only a matter of time before they are attacked by an APT, while one in five has already experienced one.

Defining what these attacks are
To stop an APT, organizations should first understand what the attack actually is and get beyond the buzzword. Writing in SC Magazine, IT professional Brian Laing described these attacks as applying advanced technical capabilities over a long period of time, with the motivation either to bring an organization's operations to a halt or to steal privileged information.

These attacks usually proceed through several stages in sequence: identifying and researching targets, intruding into the network with a spear-phishing email or spoofed message, and establishing a foothold with a backdoor. After that, the APT does the dirty work of harvesting user assets, may install utilities of its own, and tries to remain on the network for as long as it possibly can.

"Targeted attacks represent a very special type of threat – one that is silent, very difficult to trace and potentially devastating in the damage it can do, which ranges from stealing an organization's intellectual property to stealing passwords from systems so they have unlimited network access," he wrote. "It's essential that enterprise organizations protect themselves against these threats, and do so cost effectively, without placing an inappropriate burden on end-users or interrupting daily operations."

Spear phishing triggers most APTs
The main thing companies will have to watch out for when guarding against these threats is spear phishing, according to an article by CSO Online's John Mello. He cited one company's finding that APTs more than doubled from 2010 to 2011, with 91 percent of the attacks involving spear phishing. These messages pretend to come from a trusted source, such as a company the user works with, but are actually after credit card numbers, usernames, passwords and more.
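As an added example (not from the CSO Online article or this page), a few of the sender checks a mail gateway or analyst script can apply to catch the "pretends to come from a trusted source" lure described above: a known display name paired with an unfamiliar address, a lookalike of a trusted domain, and a Reply-To that diverts replies elsewhere. The contact list, domains, homoglyph table and message headers are all constructed for illustration:

```python
"""Heuristic sender checks for spear-phishing lures.

Added example, not code from the article. The address book, trusted domains,
homoglyph substitutions and sample headers below are constructed; a real
deployment would feed these from the directory and mail gateway.
"""
from email.utils import parseaddr

# Constructed address book: display name the recipient knows -> genuine address.
KNOWN_CONTACTS = {
    "Dana Reyes": "dana.reyes@example.com",
    "Acme Payroll": "payroll@acme-corp.example",
}

TRUSTED_DOMAINS = {addr.split("@", 1)[1] for addr in KNOWN_CONTACTS.values()}

# Common visual substitutions used to imitate a trusted domain (assumed table).
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l"}


def normalise_domain(domain):
    """Fold lookalike character sequences back to what a reader would see."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Plain Levenshtein distance; catches one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None if trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    norm = normalise_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == trusted or edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def check_sender(headers):
    """Return a list of findings for one message's headers (empty list = nothing suspicious)."""
    findings = []
    name, addr = parseaddr(headers.get("From", ""))
    addr = addr.lower()
    domain = addr.split("@", 1)[1] if "@" in addr else ""

    # 1. A display name the recipient knows, attached to a different address.
    known = KNOWN_CONTACTS.get(name)
    if known and known != addr:
        findings.append(f"display name '{name}' is a known contact but address is {addr}")

    # 2. The sender domain imitates one the recipient trusts.
    target = lookalike_of(domain) if domain else None
    if target:
        findings.append(f"sender domain {domain} imitates trusted domain {target}")

    # 3. Replies are silently redirected somewhere other than the From address.
    _, reply = parseaddr(headers.get("Reply-To", ""))
    if reply and reply.lower() != addr:
        findings.append(f"Reply-To {reply} differs from From address {addr}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers: a lookalike-domain lure using a known colleague's name.
    sample = {"From": "Dana Reyes <dana.reyes@exarnple.com>"}
    for finding in check_sender(sample):
        print(finding)
```

None of these checks proves a message is malicious on its own; they are scoring signals, which is why the function returns every finding rather than a single verdict, and why SPF/DKIM/DMARC results should be combined with them in a real gateway.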

"Spear phishing is by far the most prevalent way that target systems are compromised by APTs," said Paul Ferguson, vice president for threat intelligence at Internet Identity, according to the website. "It's because it's not that hard to social engineer their victims into clicking on the wrong link or opening the wrong attachment by masquerading as someone they know or something they're expecting."

JD Sherry, director of public technology and solutions for Trend Micro, said these attacks are used to gain a foothold within an organization's network. Once the sequence starts, attackers can get into the network and bypass data security tools to start stealing information, installing threats on the network or taking other measures that could eventually harm an organization. Sherry said spear phishing likely will not remain the first avenue of attack for long, as hackers could have more success via social media. With phishing attacks usually arriving by email, criminals will take note of the number of users on websites like Twitter and Facebook when they begin attacking users there. Data security should be employed across all areas, and organizations must educate employees on how to protect themselves on social media websites, in email and in other areas of business.
